Lucene search
K

83790 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47682

Name of the Vulnerable Software and Affected Versions WP Emoticon Rating versions prior to 1.0.2 Description The WP Emoticon Rating plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they did not...

6.1CVSS5.3AI score0.0012EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47679

Name of the Vulnerable Software and Affected Versions FastPicker versions prior to 1.0.3 Description The FastPicker plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settingsPage function lacks proper nonce validation, which is a unique token used to verify th...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2026/06/09 12:0 a.m.67 views

📄 Quick Playground for WordPress 1.3.1 Shell Upload

Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below. ================================================================================================================================== | Title : Quick Playground for WordPress 1.3.1 —...

9.8CVSS5.5AI score0.03092EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47634

Name of the Vulnerable Software and Affected Versions Enable Media Replace versions prior to 4.1.9 Description Insufficient input sanitization and output escaping in the Enable Media Replace plugin for WordPress allow authenticated attackers with Author-level access or higher to perform Stored...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/08 8:48 p.m.10 views

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation vulnerability

Missing Authorization to Authenticated Subscriber+ Subscription Pack Cancellation vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP User Frontend versions = 4.3.2...

4.3CVSS5.5AI score0.00153EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:7 p.m.12 views

WordPress jQuery Hover Footnotes plugin <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by nishida azuka in WordPress Plugin jQuery Hover Footnotes versions = 1.4...

6.4CVSS5.4AI score0.00253EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:7 p.m.11 views

WordPress Global Body Mass Index Calculator plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Global Body Mass Index Calculator versions = 1.2...

6.4CVSS5.4AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:6 p.m.9 views

WordPress WP Meta Sort Posts plugin <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin WP Meta Sort Posts versions = 0.9...

4.3CVSS5.5AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:6 p.m.9 views

WordPress WP Emoticon Rating plugin <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Emoticon Rating versions = 1.0.1...

6.1CVSS5.5AI score0.0012EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:5 p.m.11 views

WordPress WP-Ultimate-Map plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP-Ultimate-Map versions = 1.1...

6.1CVSS5.5AI score0.00119EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:5 p.m.9 views

WordPress Extra Settings for RocketChat plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Extra Settings for RocketChat versions = 0.1...

6.4CVSS5.4AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:4 p.m.9 views

WordPress Plugin Name: ePaperFlip Publisher plugin <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Plugin Name: ePaperFlip Publisher versions = 1...

6.4CVSS5.4AI score0.00192EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/06/08 2:29 p.m.82 views

Exploit for CVE-2026-7465

CVE-2026-7465 - Spectra Gutenberg Blocks Local Lab Local Dock...

8.8CVSS5.8AI score0.01174EPSS
Exploits3
Patchstack
Patchstack
added 2026/06/08 2:11 p.m.9 views

WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dutafi in WordPress Plugin Directorist Booking versions = 3.0.3...

8.5CVSS5.7AI score0.00205EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/08 1:48 p.m.8 views

WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Advanced 301 and 302 Redirect versions = 1.6.9...

9.3CVSS5.8AI score0.00289EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/08 1:43 p.m.8 views

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by manop55555 in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.9.5...

8.2CVSS5.4AI score0.00237EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/08 1:1 p.m.7 views

WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by wackydawg in WordPress Plugin LoginPress Pro versions = 6.2.2...

9.8CVSS5.5AI score0.00321EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/08 12:16 p.m.9 views

CVE-2026-3011

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS0.00206EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/08 11:23 a.m.46 views

CVE-2026-3011 Recipe Card Blocks Lite <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting via 'summary' and 'notes'

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS0.00206EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:23 a.m.6 views

CVE-2026-3011

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References7
Rows per page
Query Builder